package org.monash.griddles.jobrun;

import com.sun.org.apache.xml.internal.security.utils.RFC2253Parser;
import com.sun.xml.wss.impl.callback.CertificateValidationCallback;
import com.sun.xml.wss.impl.callback.DecryptionKeyCallback;
import com.sun.xml.wss.impl.callback.EncryptionKeyCallback;
import com.sun.xml.wss.impl.callback.PasswordValidationCallback;
import com.sun.xml.wss.impl.callback.SignatureKeyCallback;
import com.sun.xml.wss.impl.callback.SignatureVerificationKeyCallback;
import java.io.FileInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.CertPathBuilder;
import java.security.cert.Certificate;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.PKIXBuilderParameters;
import java.security.cert.X509CertSelector;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Enumeration;
import java.util.Properties;
import javax.crypto.SecretKey;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;

/* loaded from: input_file:org/monash/griddles/jobrun/SecurityEnvironmentHandler.class */
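/**
 * XWS-Security callback handler that supplies keys, certificates and validators
 * from three file-based key stores (key store, trust store, symmetric key store).
 *
 * <p>The store locations, types and passwords are read from a properties file whose
 * location depends on the {@code jwsdp.container.type} and {@code KEPLER} system
 * properties (see the constructor).
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>Username-token validation compares against a credential pair that is hard-coded
 *       in this class; it is not backed by any user store.</li>
 *   <li>Certificate path building runs with revocation checking disabled.</li>
 *   <li>Store passwords are held as {@code String} fields for the lifetime of the handler.</li>
 * </ul>
 */
public class SecurityEnvironmentHandler implements CallbackHandler {
    private String keyStoreURL;
    private String keyStorePassword;
    private String keyStoreType;
    private String trustStoreURL;
    private String trustStorePassword;
    private String trustStoreType;
    private String symmKeyStoreURL;
    private String symmKeyStorePassword;
    private String symmKeyStoreType;
    private KeyStore keyStore;
    private KeyStore trustStore;
    // Loaded lazily on first use; the constructor only loads the trust store and key store.
    private KeyStore symmKeyStore;
    private static final String fileSeparator = System.getProperty("file.separator");
    private static final String UNSUPPORTED_MESSAGE = "Unsupported Callback Type Encountered";

    /** Decompiler artifact (synthetic accessor marker); kept so the nested constructors below still resolve. */
    static class AnonymousClass1 {
    }

    /**
     * Validates plain-text username tokens.
     *
     * <p>NOTE(review): the accepted username and password are literals in this class, so
     * anyone with access to the class file knows them. Replace with a lookup against a
     * real credential store and a constant-time comparison before relying on this.
     */
    private class PlainTextPasswordValidator implements PasswordValidationCallback.PasswordValidator {
        private final SecurityEnvironmentHandler this$0;

        private PlainTextPasswordValidator(SecurityEnvironmentHandler securityEnvironmentHandler) {
            this.this$0 = securityEnvironmentHandler;
        }

        /**
         * @param request expected to be a {@code PlainTextPasswordRequest}; any other type
         *     fails the cast with a {@code ClassCastException}
         * @return {@code true} only for the single hard-coded username/password pair
         */
        public boolean validate(PasswordValidationCallback.Request request) throws PasswordValidationCallback.PasswordValidationException {
            PasswordValidationCallback.PlainTextPasswordRequest plainTextPasswordRequest = (PasswordValidationCallback.PlainTextPasswordRequest) request;
            return "Ron".equals(plainTextPasswordRequest.getUsername()) && "noR".equals(plainTextPasswordRequest.getPassword());
        }

        /** Decompiler artifact: synthetic constructor used by the enclosing class. */
        PlainTextPasswordValidator(SecurityEnvironmentHandler securityEnvironmentHandler, AnonymousClass1 anonymousClass1) {
            this(securityEnvironmentHandler);
        }
    }

    /** Validates a peer X.509 certificate against the handler's own key store and trust store. */
    private class X509CertificateValidatorImpl implements CertificateValidationCallback.CertificateValidator {
        private final SecurityEnvironmentHandler this$0;

        private X509CertificateValidatorImpl(SecurityEnvironmentHandler securityEnvironmentHandler) {
            this.this$0 = securityEnvironmentHandler;
        }

        /**
         * Accepts the certificate if it is one of this handler's own key entries, or if it is
         * within its validity period and a PKIX path can be built from it to the trust store.
         *
         * @return {@code true} if the certificate is accepted, {@code false} if no path to a
         *     trust anchor could be built
         * @throws CertificateValidationCallback.CertificateValidationException if the certificate
         *     is expired or not yet valid, or if the path builder could not be set up
         */
        public boolean validate(X509Certificate x509Certificate) throws CertificateValidationCallback.CertificateValidationException {
            // Our own certificates are accepted as-is; note this branch skips the date check.
            if (isSelfCert(x509Certificate)) {
                return true;
            }
            try {
                x509Certificate.checkValidity();
            } catch (CertificateExpiredException expired) {
                expired.printStackTrace();
                throw new CertificateValidationCallback.CertificateValidationException("X509Certificate Expired", expired);
            } catch (CertificateNotYetValidException notYetValid) {
                notYetValid.printStackTrace();
                throw new CertificateValidationCallback.CertificateValidationException("X509Certificate not yet valid", notYetValid);
            }

            X509CertSelector targetSelector = new X509CertSelector();
            targetSelector.setCertificate(x509Certificate);
            PKIXBuilderParameters pathParameters;
            CertPathBuilder pathBuilder;
            try {
                pathParameters = new PKIXBuilderParameters(this.this$0.trustStore, targetSelector);
                // Revocation checking is off: a revoked certificate that still chains to the
                // trust store is accepted. NOTE(review): enable once CRL/OCSP sources are configured.
                pathParameters.setRevocationEnabled(false);
                pathBuilder = CertPathBuilder.getInstance("PKIX");
            } catch (Exception setupFailure) {
                setupFailure.printStackTrace();
                throw new CertificateValidationCallback.CertificateValidationException(setupFailure.getMessage(), setupFailure);
            }
            try {
                // Building the path is what ties the certificate to a trust anchor;
                // checkValidity() alone only proves the dates are current.
                pathBuilder.build(pathParameters);
                return true;
            } catch (Exception noPath) {
                noPath.printStackTrace();
                return false;
            }
        }

        /**
         * Reports whether the certificate equals the certificate of any key entry in the
         * handler's key store, loading the key store first if it has not been loaded.
         */
        private boolean isSelfCert(X509Certificate x509Certificate) throws CertificateValidationCallback.CertificateValidationException {
            try {
                if (this.this$0.keyStore == null) {
                    this.this$0.initKeyStore();
                }
                Enumeration<String> aliases = this.this$0.keyStore.aliases();
                while (aliases.hasMoreElements()) {
                    String alias = aliases.nextElement();
                    if (!this.this$0.keyStore.isKeyEntry(alias)) {
                        continue;
                    }
                    X509Certificate own = (X509Certificate) this.this$0.keyStore.getCertificate(alias);
                    if (own != null && own.equals(x509Certificate)) {
                        return true;
                    }
                }
                return false;
            } catch (Exception e) {
                e.printStackTrace();
                throw new CertificateValidationCallback.CertificateValidationException(e.getMessage(), e);
            }
        }

        /** Decompiler artifact: synthetic constructor used by the enclosing class. */
        X509CertificateValidatorImpl(SecurityEnvironmentHandler securityEnvironmentHandler, AnonymousClass1 anonymousClass1) {
            this(securityEnvironmentHandler);
        }
    }

    /**
     * Reads the security environment properties and loads the trust store and key store.
     *
     * <p>When {@code jwsdp.container.type} is set, the base directory is derived from
     * {@code catalina.home} and the server properties file is read; otherwise the base
     * directory is the {@code KEPLER} system property and the client properties file is read.
     * The store URLs from the properties file are appended to that base directory.
     *
     * <p>The store passwords are read in clear text from the properties file, so the file's
     * permissions decide who can open the key stores.
     *
     * @throws Exception if the properties file or either store cannot be read
     */
    public SecurityEnvironmentHandler() throws Exception {
        String containerType = System.getProperty("jwsdp.container.type");
        // Stays null for an unrecognised container type or an unset KEPLER property; the
        // paths below then start with the literal text "null" and the load fails.
        String baseDir = null;
        Properties properties;
        if (containerType != null) {
            if ("appserver".equals(containerType)) {
                baseDir = System.getProperty("catalina.home") + fileSeparator + ".." + fileSeparator + "..";
            } else if ("webserver".equals(containerType)) {
                baseDir = System.getProperty("catalina.home") + fileSeparator + "..";
            } else if ("tomcat".equals(containerType)) {
                baseDir = System.getProperty("catalina.home");
            }
            properties = readProperties(baseDir + fileSeparator + "xws-security" + fileSeparator + "etc" + fileSeparator + "server-security-env.properties");
        } else {
            baseDir = System.getProperty("KEPLER");
            properties = readProperties(baseDir + fileSeparator + "xws-security" + fileSeparator + "client-security-env.properties");
        }
        this.keyStoreURL = baseDir + properties.getProperty("keystore.url");
        this.keyStoreType = properties.getProperty("keystore.type");
        this.keyStorePassword = properties.getProperty("keystore.password");
        this.trustStoreURL = baseDir + properties.getProperty("truststore.url");
        this.trustStoreType = properties.getProperty("truststore.type");
        this.trustStorePassword = properties.getProperty("truststore.password");
        this.symmKeyStoreURL = baseDir + properties.getProperty("symmetrickeystore.url");
        this.symmKeyStoreType = properties.getProperty("symmetrickeystore.type");
        this.symmKeyStorePassword = properties.getProperty("symmetrickeystore.password");
        initTrustStore();
        initKeyStore();
    }

    /** Loads a properties file and closes the stream whether or not the load succeeds. */
    private static Properties readProperties(String path) throws IOException {
        Properties properties = new Properties();
        FileInputStream in = new FileInputStream(path);
        try {
            properties.load(in);
        } finally {
            in.close();
        }
        return properties;
    }

    /**
     * Dispatches each callback to the handler for its type.
     *
     * @throws IOException if a key store lookup fails
     * @throws UnsupportedCallbackException if a callback, or the request it carries, is of a
     *     type this handler does not serve; the exception carries the offending callback
     */
    @Override // javax.security.auth.callback.CallbackHandler
    public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
        for (Callback callback : callbackArr) {
            if (callback instanceof PasswordValidationCallback) {
                handlePasswordValidation(callback);
            } else if (callback instanceof SignatureVerificationKeyCallback) {
                handleSignatureVerificationKey(callback);
            } else if (callback instanceof SignatureKeyCallback) {
                handleSignatureKey(callback);
            } else if (callback instanceof DecryptionKeyCallback) {
                handleDecryptionKey(callback);
            } else if (callback instanceof EncryptionKeyCallback) {
                handleEncryptionKey(callback);
            } else if (callback instanceof CertificateValidationCallback) {
                ((CertificateValidationCallback) callback).setValidator(new X509CertificateValidatorImpl(this, null));
            } else {
                throw unsupported(callback);
            }
        }
    }

    /** Builds a fresh exception per failure so it names the rejected callback and has a current stack trace. */
    private static UnsupportedCallbackException unsupported(Callback callback) {
        return new UnsupportedCallbackException(callback, UNSUPPORTED_MESSAGE);
    }

    /** Installs a validator for plain-text or digest username tokens. */
    private void handlePasswordValidation(Callback callback) throws UnsupportedCallbackException {
        PasswordValidationCallback passwordCallback = (PasswordValidationCallback) callback;
        Object request = passwordCallback.getRequest();
        if (request instanceof PasswordValidationCallback.PlainTextPasswordRequest) {
            passwordCallback.setValidator(new PlainTextPasswordValidator(this, null));
            return;
        }
        if (!(request instanceof PasswordValidationCallback.DigestPasswordRequest)) {
            throw unsupported(callback);
        }
        PasswordValidationCallback.DigestPasswordRequest digestRequest = (PasswordValidationCallback.DigestPasswordRequest) request;
        // NOTE(review): hard-coded credential pair, same as PlainTextPasswordValidator.
        // For any other username no validator is installed here; what the runtime does
        // with a callback that has no validator is not visible in this file.
        if ("Ron".equals(digestRequest.getUsername())) {
            digestRequest.setPassword("noR");
            passwordCallback.setValidator(new PasswordValidationCallback.DigestPasswordValidator());
        }
    }

    /** Resolves the certificate used to verify a signature from the trust store. */
    private void handleSignatureVerificationKey(Callback callback) throws IOException, UnsupportedCallbackException {
        Object request = ((SignatureVerificationKeyCallback) callback).getRequest();
        if (request instanceof SignatureVerificationKeyCallback.X509SubjectKeyIdentifierBasedRequest) {
            SignatureVerificationKeyCallback.X509SubjectKeyIdentifierBasedRequest skiRequest = (SignatureVerificationKeyCallback.X509SubjectKeyIdentifierBasedRequest) request;
            skiRequest.setX509Certificate(getCertificateFromTrustStore(skiRequest.getSubjectKeyIdentifier()));
        } else if (request instanceof SignatureVerificationKeyCallback.X509IssuerSerialBasedRequest) {
            SignatureVerificationKeyCallback.X509IssuerSerialBasedRequest issuerSerialRequest = (SignatureVerificationKeyCallback.X509IssuerSerialBasedRequest) request;
            issuerSerialRequest.setX509Certificate(getCertificateFromTrustStore(issuerSerialRequest.getIssuerName(), issuerSerialRequest.getSerialNumber()));
        } else {
            throw unsupported(callback);
        }
    }

    /** Supplies the signing key and certificate, either the default pair or the one under a given alias. */
    private void handleSignatureKey(Callback callback) throws IOException, UnsupportedCallbackException {
        Object request = ((SignatureKeyCallback) callback).getRequest();
        if (request instanceof SignatureKeyCallback.DefaultPrivKeyCertRequest) {
            getDefaultPrivKeyCert((SignatureKeyCallback.DefaultPrivKeyCertRequest) request);
            return;
        }
        if (!(request instanceof SignatureKeyCallback.AliasPrivKeyCertRequest)) {
            throw unsupported(callback);
        }
        SignatureKeyCallback.AliasPrivKeyCertRequest aliasRequest = (SignatureKeyCallback.AliasPrivKeyCertRequest) request;
        String alias = aliasRequest.getAlias();
        try {
            aliasRequest.setX509Certificate((X509Certificate) this.keyStore.getCertificate(alias));
            aliasRequest.setPrivateKey((PrivateKey) this.keyStore.getKey(alias, this.keyStorePassword.toCharArray()));
        } catch (Exception e) {
            throw new IOException(e.getMessage(), e);
        }
    }

    /** Supplies the decryption key: a private key from the key store or a symmetric key by alias. */
    private void handleDecryptionKey(Callback callback) throws IOException, UnsupportedCallbackException {
        Object request = ((DecryptionKeyCallback) callback).getRequest();
        if (request instanceof DecryptionKeyCallback.X509SubjectKeyIdentifierBasedRequest) {
            DecryptionKeyCallback.X509SubjectKeyIdentifierBasedRequest skiRequest = (DecryptionKeyCallback.X509SubjectKeyIdentifierBasedRequest) request;
            skiRequest.setPrivateKey(getPrivateKey(skiRequest.getSubjectKeyIdentifier()));
        } else if (request instanceof DecryptionKeyCallback.X509IssuerSerialBasedRequest) {
            DecryptionKeyCallback.X509IssuerSerialBasedRequest issuerSerialRequest = (DecryptionKeyCallback.X509IssuerSerialBasedRequest) request;
            issuerSerialRequest.setPrivateKey(getPrivateKey(issuerSerialRequest.getIssuerName(), issuerSerialRequest.getSerialNumber()));
        } else if (request instanceof DecryptionKeyCallback.X509CertificateBasedRequest) {
            DecryptionKeyCallback.X509CertificateBasedRequest certRequest = (DecryptionKeyCallback.X509CertificateBasedRequest) request;
            certRequest.setPrivateKey(getPrivateKey(certRequest.getX509Certificate()));
        } else if (request instanceof DecryptionKeyCallback.AliasSymmetricKeyRequest) {
            DecryptionKeyCallback.AliasSymmetricKeyRequest symmetricRequest = (DecryptionKeyCallback.AliasSymmetricKeyRequest) request;
            symmetricRequest.setSymmetricKey(getSymmetricKey(symmetricRequest.getAlias()));
        } else {
            throw unsupported(callback);
        }
    }

    /** Supplies the encryption key: a trust-store certificate or a symmetric key, both by alias. */
    private void handleEncryptionKey(Callback callback) throws IOException, UnsupportedCallbackException {
        Object request = ((EncryptionKeyCallback) callback).getRequest();
        if (request instanceof EncryptionKeyCallback.AliasX509CertificateRequest) {
            EncryptionKeyCallback.AliasX509CertificateRequest certRequest = (EncryptionKeyCallback.AliasX509CertificateRequest) request;
            String alias = certRequest.getAlias();
            if (alias == null) {
                // No alias given: the request is left without a certificate.
                return;
            }
            try {
                certRequest.setX509Certificate((X509Certificate) this.trustStore.getCertificate(alias));
            } catch (Exception e) {
                throw new IOException(e.getMessage(), e);
            }
        } else if (request instanceof EncryptionKeyCallback.AliasSymmetricKeyRequest) {
            EncryptionKeyCallback.AliasSymmetricKeyRequest symmetricRequest = (EncryptionKeyCallback.AliasSymmetricKeyRequest) request;
            symmetricRequest.setSymmetricKey(getSymmetricKey(symmetricRequest.getAlias()));
        } else {
            throw unsupported(callback);
        }
    }

    /**
     * Returns the symmetric key stored under {@code alias}, loading the symmetric key store
     * on first use because the constructor does not load it.
     */
    private SecretKey getSymmetricKey(String alias) throws IOException {
        if (this.symmKeyStore == null) {
            initSymmKeyStore();
        }
        try {
            return (SecretKey) this.symmKeyStore.getKey(alias, this.symmKeyStorePassword.toCharArray());
        } catch (Exception e) {
            throw new IOException(e.getMessage(), e);
        }
    }

    /**
     * Opens and loads a key store file, closing the stream in every case. The store is
     * returned only after a successful load, so callers never keep a half-initialised store.
     */
    private static KeyStore loadKeyStore(String type, String path, String password) throws IOException {
        try {
            KeyStore store = KeyStore.getInstance(type);
            FileInputStream in = new FileInputStream(path);
            try {
                store.load(in, password.toCharArray());
            } finally {
                in.close();
            }
            return store;
        } catch (Exception e) {
            // Keep the cause: the message alone loses the exception type and stack.
            throw new IOException(e.getMessage(), e);
        }
    }

    /** Loads the trust store from {@code trustStoreURL}. */
    private void initTrustStore() throws IOException {
        this.trustStore = loadKeyStore(this.trustStoreType, this.trustStoreURL, this.trustStorePassword);
    }

    /**
     * Loads the key store from {@code keyStoreURL}. Also called by the nested certificate
     * validator when the key store has not been loaded yet.
     */
    public void initKeyStore() throws IOException {
        this.keyStore = loadKeyStore(this.keyStoreType, this.keyStoreURL, this.keyStorePassword);
    }

    /** Loads the symmetric key store from {@code symmKeyStoreURL}. */
    private void initSymmKeyStore() throws IOException {
        this.symmKeyStore = loadKeyStore(this.symmKeyStoreType, this.symmKeyStoreURL, this.symmKeyStorePassword);
    }

    /**
     * Finds the trust-store X.509 certificate whose subject key identifier equals {@code bArr}.
     *
     * @return the matching certificate, or {@code null} if none matches
     */
    private X509Certificate getCertificateFromTrustStore(byte[] bArr) throws IOException {
        try {
            Enumeration<String> aliases = this.trustStore.aliases();
            while (aliases.hasMoreElements()) {
                Certificate candidate = this.trustStore.getCertificate(aliases.nextElement());
                if (candidate == null || !"X.509".equals(candidate.getType())) {
                    continue;
                }
                X509Certificate x509 = (X509Certificate) candidate;
                byte[] keyIdentifier = getSubjectKeyIdentifier(x509);
                if (keyIdentifier != null && Arrays.equals(bArr, keyIdentifier)) {
                    return x509;
                }
            }
            return null;
        } catch (Exception e) {
            throw new IOException(e.getMessage(), e);
        }
    }

    /**
     * Finds the trust-store X.509 certificate with the given issuer name and serial number.
     * The stored issuer name is normalised with {@code RFC2253Parser} before comparison;
     * {@code str} is compared as given.
     *
     * @return the matching certificate, or {@code null} if none matches
     */
    private X509Certificate getCertificateFromTrustStore(String str, BigInteger bigInteger) throws IOException {
        try {
            Enumeration<String> aliases = this.trustStore.aliases();
            while (aliases.hasMoreElements()) {
                Certificate candidate = this.trustStore.getCertificate(aliases.nextElement());
                if (candidate == null || !"X.509".equals(candidate.getType())) {
                    continue;
                }
                X509Certificate x509 = (X509Certificate) candidate;
                String issuer = RFC2253Parser.normalize(x509.getIssuerDN().getName());
                if (issuer.equals(str) && x509.getSerialNumber().equals(bigInteger)) {
                    return x509;
                }
            }
            return null;
        } catch (Exception e) {
            throw new IOException(e.getMessage(), e);
        }
    }

    /**
     * Returns the private key of the key entry whose certificate carries the subject key
     * identifier {@code bArr}.
     *
     * @return the private key, or {@code null} if no key entry matches
     */
    public PrivateKey getPrivateKey(byte[] bArr) throws IOException {
        try {
            Enumeration<String> aliases = this.keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                if (!this.keyStore.isKeyEntry(alias)) {
                    continue;
                }
                Certificate candidate = this.keyStore.getCertificate(alias);
                if (candidate == null || !"X.509".equals(candidate.getType())) {
                    continue;
                }
                byte[] keyIdentifier = getSubjectKeyIdentifier((X509Certificate) candidate);
                if (keyIdentifier != null && Arrays.equals(bArr, keyIdentifier)) {
                    return (PrivateKey) this.keyStore.getKey(alias, this.keyStorePassword.toCharArray());
                }
            }
            return null;
        } catch (Exception e) {
            throw new IOException(e.getMessage(), e);
        }
    }

    /**
     * Returns the private key of the key entry whose certificate has the given issuer name
     * and serial number. The stored issuer name is normalised with {@code RFC2253Parser}
     * before comparison; {@code str} is compared as given.
     *
     * @return the private key, or {@code null} if no key entry matches
     */
    public PrivateKey getPrivateKey(String str, BigInteger bigInteger) throws IOException {
        try {
            Enumeration<String> aliases = this.keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                if (!this.keyStore.isKeyEntry(alias)) {
                    continue;
                }
                Certificate candidate = this.keyStore.getCertificate(alias);
                if (candidate == null || !"X.509".equals(candidate.getType())) {
                    continue;
                }
                X509Certificate x509 = (X509Certificate) candidate;
                String issuer = RFC2253Parser.normalize(x509.getIssuerDN().getName());
                if (issuer.equals(str) && x509.getSerialNumber().equals(bigInteger)) {
                    return (PrivateKey) this.keyStore.getKey(alias, this.keyStorePassword.toCharArray());
                }
            }
            return null;
        } catch (Exception e) {
            throw new IOException(e.getMessage(), e);
        }
    }

    /**
     * Returns the private key of the key entry whose certificate equals {@code x509Certificate}.
     *
     * @return the private key, or {@code null} if no key entry matches
     */
    public PrivateKey getPrivateKey(X509Certificate x509Certificate) throws IOException {
        try {
            Enumeration<String> aliases = this.keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                if (!this.keyStore.isKeyEntry(alias)) {
                    continue;
                }
                Certificate candidate = this.keyStore.getCertificate(alias);
                if (candidate != null && candidate.equals(x509Certificate)) {
                    return (PrivateKey) this.keyStore.getKey(alias, this.keyStorePassword.toCharArray());
                }
            }
            return null;
        } catch (Exception e) {
            throw new IOException(e.getMessage(), e);
        }
    }

    /**
     * Fills the request with the key store's only X.509 key entry. If the key store holds
     * no such entry, or more than one, the choice is ambiguous and the request is left unset.
     */
    private void getDefaultPrivKeyCert(SignatureKeyCallback.DefaultPrivKeyCertRequest defaultPrivKeyCertRequest) throws IOException {
        try {
            String onlyAlias = null;
            Enumeration<String> aliases = this.keyStore.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                if (!this.keyStore.isKeyEntry(alias)) {
                    continue;
                }
                // instanceof is false for null, so a key entry without a certificate is skipped too.
                if (!(this.keyStore.getCertificate(alias) instanceof X509Certificate)) {
                    continue;
                }
                if (onlyAlias != null) {
                    // Second candidate found: there is no single default.
                    onlyAlias = null;
                    break;
                }
                onlyAlias = alias;
            }
            if (onlyAlias != null) {
                defaultPrivKeyCertRequest.setX509Certificate((X509Certificate) this.keyStore.getCertificate(onlyAlias));
                defaultPrivKeyCertRequest.setPrivateKey((PrivateKey) this.keyStore.getKey(onlyAlias, this.keyStorePassword.toCharArray()));
            }
        } catch (Exception e) {
            throw new IOException(e.getMessage(), e);
        }
    }

    /**
     * Extracts the subject key identifier (extension OID 2.5.29.14) from a certificate.
     *
     * <p>The extension value is returned DER-encoded; the first four bytes are skipped as the
     * two OCTET STRING headers, which assumes both lengths use the one-byte form.
     *
     * @return the key identifier bytes, or {@code null} if the extension is absent or too
     *     short to contain the headers
     */
    private static byte[] getSubjectKeyIdentifier(X509Certificate x509Certificate) {
        byte[] extensionValue = x509Certificate.getExtensionValue("2.5.29.14");
        if (extensionValue == null || extensionValue.length < 4) {
            return null;
        }
        return Arrays.copyOfRange(extensionValue, 4, extensionValue.length);
    }
}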
